[Samba] Getent passwd (WAS Winbind breaking my head)

Thierry ITTY thierry.itty at besancon.org
Thu Sep 19 06:46:01 GMT 2002 

I checked my config. I do not allow domain accounts to be used for unix
login, and samba is configured with "password server = nt pdc", therefore
does no pam files contain any reference to winbind. thought, getent passwd
and getent group work fine and they do return domain account information.
this is a first step to reach.

then, if you want to use domain accounts to allow unix login, you have to
set pam to use winbind, and take care that winbind authentication is not
only necessary but sufficent to accept logins. what i mean, is that if you
only add winbind lines in the config file, it may be too restrictive and
let usual passwd files stay mandatory

hth




A 09:28 18/09/2002 +0100, Ash Green a écrit :
>Tried that ... To no joy though.  The key thing seems to be that the
>pam_winbind.so module is authenticating the logon, but the following
>part is blocking it, this is logged as :
>
>Sep 18 09:14:44 LTSP pam_winbind[1596]: user 'DOMAIN+test' granted
>access
>Sep 18 09:14:44 LTSP login[1596]: Permission denied
>
>There's only one line in my /etc/pam.d/login after the auth winbind
>section, which is (now) :
>auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok
>debug
>
>The system was using pam_stack throughout, but I've changed to
>pam_pwdb.so now.
>
>Tried threatening it with a rusty screwdriver, but that didn't work
>either ...


>> A 08:35 17/09/2002 +0100, Ash Green a écrit :
>> >Thanks to the archive of this list, I've managed to work out that 
>> >everythings working on my winbind installation, but getent passwd & 
>> >getent group do NOT return the Domain entries, although 
>> wbinfo -u and 
>> >-g work fine.  All copies of smb.conf etc posted yesterday 
 
>> anyone any 
>> >ideas?
>> 
>> did you try
>> 
>> passwd:     files winbind nisplus nis  
>> shadow:     files winbind nisplus nis  
>> group:      files winbind nisplus nis  
>> 
>> in /etc/nsswitch.conf ?

			- * - * - * - * - * - * -
Bien sûr que je suis perfectionniste !
Mais ne pourrais-je pas l'être mieux ?
	Thierry ITTY
eMail : Thierry.Itty at Besancon.org		FRANCE

More information about the samba mailing list